Asterisk cmd Authenticate

Synopsis

Authenticate a user with a dialed passcode

Syntax

1.4-

Authenticate(password[|options[|maxdigits]])
Authenticate(/passwdfile[|options[|maxdigits]])
Authenticate(/db-keyfamily|d[options[|maxdigits]])

1.6+

Authenticate(password[,options[,maxdigits]])
Authenticate(/passwdfile[,options[,maxdigits]])
Authenticate(/db-keyfamily,d[options[,maxdigits]])

Options

A string of options may be provided by concatenating any of the following letters:
  • a - Set account code to the password that is entered. The password will be stored in the CDR field "accountcode" and the channel variable ${ACCOUNTCODE} will be set.
  • d - Interpret path as database key family
  • j - jump to priority n+101 if the authentication fails and that priority exists (1.4-, 1.6+)
  • m - Interpret the given path as a file which contains a list of account codes and MD5 password hashes delimited with ':', listed one per line in the file. When one of the passwords is matched, the channel will have its account code set to the corresponding account code (${CDR(accountcode)}, not ${ACCOUNTCODE}) in the file.
  • r - Remove database key upon successful entry (only applicable with 'd' option)
  • maxdigits - maximum acceptable number of digits. Stops reading after maxdigits have been entered (without requiring the user to press the '#' key). Defaults to 0 - no limit - wait for the user to press the '#' key.

NOTE: The 'm' option does not set the account code unless the 'a' option is specified as well.
NOTE: When using the 'm' option, make sure the hash is computed over the digits of the passcode only, not over the passcode followed by a newline character.
Better explained: the "echo -n 1234 | md5sum" command will produce the hash you want; the "echo 1234 | md5sum" command won't, because echo without the -n option appends a newline character, which md5sum includes in the input and which makes the hash wrong. Add the correct hashes to the file this way, for example:

100:81dc9bdb52d04dc20036dbd8313ed055
101:674f3c2c1a8a6f90461e8a66fb5550ba

And everything will be fine using m and a options.
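
The newline pitfall described above can be checked mechanically. The following is an added example, not part of the original page or of Asterisk: the function names (pin_md5, make_entry, check_entry) are hypothetical and the account codes and PINs are constructed sample values.

```shell
#!/bin/sh
# Added example: build and audit "accountcode:md5hash" lines for the 'm' option.
# All function names and sample values are constructed for illustration.

# MD5 of exactly the bytes given; printf '%s' never appends a newline.
pin_md5() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Emit one password-file line: account code, ':', MD5 of the PIN.
make_entry() {
    printf '%s:%s\n' "$1" "$(pin_md5 "$2")"
}

# Classify an existing line against the PIN it is meant to hold. Prints:
#   ok        hash of the PIN digits alone
#   newline   hash of the PIN plus "\n" (the "echo 1234 | md5sum" mistake)
#   malformed not "account:" followed by 32 lowercase hex digits (md5sum's format)
#   mismatch  well-formed, but the hash of something else
check_entry() {
    line=$1
    pin=$2
    if ! printf '%s\n' "$line" | grep -Eq '^[^:]+:[0-9a-f]{32}$'; then
        echo malformed
        return 0
    fi
    hash=${line#*:}
    if [ "$hash" = "$(pin_md5 "$pin")" ]; then
        echo ok
    elif [ "$hash" = "$(printf '%s\n' "$pin" | md5sum | cut -d' ' -f1)" ]; then
        echo newline
    else
        echo mismatch
    fi
}

# Demo: two correct entries, then an entry built the wrong way.
make_entry 100 1234
make_entry 101 5678
check_entry "100:$(echo 1234 | md5sum | cut -d' ' -f1)" 1234
```

The file holds unsalted MD5 hashes of short numeric passcodes, which are quick to reverse by exhaustive search, so restrict read access to the account Asterisk runs as.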

Description

The application requires a user to enter a password in order to continue execution.

If the first argument of the Authenticate application begins with the '/' character, it is interpreted as a file that contains a list of acceptable passwords (one password per line). Usernames or channels cannot be specified in the password file.

If the options string contains the 'd' option, then the first argument represents a database key family, with the key being the password to be matched.
i.e.:
/FEATURE/1234 = anystring.
Here FEATURE is the key family and '1234' (the key) is the password to be matched.
The value associated with the key can be any string.

NOTE: This design is totally counterintuitive to common sense; it should have been designed as /FEATURE/TYPE = password, so that a password can be retrieved from the database when having a key (and not the password), or can be deleted without also deleting the family or tree (dbdeltree).
(Counterintuitive, yes, but absolutely necessary. This is the only way to allow multiple passwords to be stored, and remove each upon use with the r option.)

In Asterisk 1.4 and above, access the channel variable ${ACCOUNTCODE} by using ${CDR(accountcode)}.



Created by: oej, Last modification: Thu 27 of Aug, 2009 (22:22 UTC) by coolmig